Avantia Threat Update

EMPLOYEE USERS OF OFFICE 365 TARGETED BY NATION STATE HACKERS



THIS PAST WEEK:

Microsoft to add 'nation-state activity alerts' to Defender for Office 365; following the Oldsmar attack, the FBI warns about using TeamViewer and Windows 7; Microsoft warns you've only got six months to move from Skype for Business Online to Teams; researchers want Australia's digital ID system thrown out and redesigned from scratch; Microsoft explains how it fixes bad spelling in 100 languages to get you the right search results; Amazon wants you to have an erotic relationship with Alexa (in case you missed it); ransomware romps through the UK; US Cellular has a CRM disaster that goes from bad to worse; big takedowns of ransomware gangs match the big surge in ransomware but don't fix the problem; and major breaches in the USA, UK, Austria and Hong Kong.


Dark Web Top Threats This Past Week

Top Source Hits: ID Theft Forum
Top Compromise Type: Domain
Top Industry: Sales & Retail
Top Employee Count: 501+

_________________________________________________________________________________


Microsoft to add 'nation-state activity alerts' to Defender for Office 365

Microsoft is working on adding a new security alert to the dashboard of Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) that will notify companies when their employees are being targeted by nation-state threat actors. The feature was added on Saturday to the Microsoft 365 roadmap website. The idea behind the feature is not new. Since 2016, Microsoft has tracked nation-state hacking groups and the attacks they orchestrate against Microsoft email accounts. If a user is targeted or compromised in one of these attacks, Microsoft sends them an email about the attack, along with the basic steps they need to take to re-secure their inbox and devices. Microsoft said in 2019 that it usually notifies around 10,000 users per year of nation-state attacks. The problem with this notification procedure is that it relies on users reading their email and taking action, which doesn't always happen. Users don't read their email daily, or it can take hours before they reach the notification in a crowded inbox, time that attackers could use to steal sensitive documents. For organizations that are customers of Microsoft's Office 365 service, the OS maker now plans to add these notifications inside the dashboard of Microsoft Defender for Office 365, the cloud-based security platform that scans a company's Office 365 accounts for threats. This way, the notification will also appear for system administrators and security teams, who can act on it right away by calling the affected employees personally, resetting email account passwords, resetting other internal passwords, or initiating a broader security audit. The OS maker expects to have this feature ready by the end of February, 2020. Besides Microsoft, which does this for Microsoft Outlook email accounts, similar alerts for nation-state attacks are also available for Yahoo accounts, public Gmail accounts, and G Suite accounts.
Facebook also warns users of nation-state attacks against its social media accounts.


Following Oldsmar attack, FBI warns about using TeamViewer and Windows 7

An FBI alert sent on Tuesday warns companies about the use of out-of-date Windows 7 systems, poor account passwords, and the desktop sharing software TeamViewer. In the aftermath of the Oldsmar incident, where an unidentified attacker gained access to a water treatment plant's network and modified chemical dosages to dangerous levels, the FBI has sent out an alert drawing attention to three security issues that were seen on the plant's network following the attack. The alert, called a Private Industry Notification, or FBI PIN, warns about the use of out-of-date Windows 7 systems, poor passwords, and the desktop sharing software TeamViewer, urging private companies and federal and government organizations to review internal networks and access policies accordingly.

TEAMVIEWER CONSIDERED THE POINT OF ENTRY

The FBI PIN specifically names TeamViewer as a desktop sharing software to watch out for after the app was confirmed as the attacker's entry point into the Oldsmar water treatment plant's network. According to a Reuters report, officials said the intruder connected to a computer on the Oldsmar water treatment plant's network via TeamViewer on two occasions last Friday. In the second one, the attacker actively took control of the operator's mouse, moved it on screen, and made changes to the sodium hydroxide (lye) levels that were being added to drinking water. While the operator reversed the changes the hacker made almost immediately, the incident became an instant point of contention and discussion among security professionals. Among the most common points brought up in online discussions was the use of the TeamViewer app to access resources on US critical infrastructure. In a Motherboard report published on Tuesday, several well-known security experts criticized companies and workers who often use the software for remote work, calling it insecure and inadequate for managing sensitive resources. While the FBI PIN alert doesn't take a critical tone or stance against TeamViewer, the FBI would like federal and private sector organizations to take note of the app. "Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs)," the FBI said. "TeamViewer's legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs."
The FBI alert doesn't specifically tell organizations to uninstall TeamViewer or any other type of desktop sharing software, but warns that TeamViewer and similar software can be abused if attackers gain access to employee account credentials or if remote access accounts (such as those used for Windows RDP access) are secured with weak passwords.

FBI WARNS ABOUT WINDOWS 7 USE... AGAIN

In addition, the FBI alert also warns about the continued use of Windows 7, an operating system that reached end-of-life last year, on January 14, 2020, an issue the FBI also warned US companies about last year. This part of the warning was included because the Oldsmar water treatment plant was still using Windows 7 systems on its network, according to a report from the Massachusetts Government. While there is no evidence to suggest the attackers abused Windows 7-specific bugs, the FBI says that continuing to use the old operating system is dangerous because the OS is unsupported and does not receive security updates, which leaves many systems exposed to attacks via newly discovered vulnerabilities. However, a Cyberscoop report published today highlights the fact that the Oldsmar plant, along with many other US water treatment facilities, is often underfunded and understaffed. While the FBI warns against the use of Windows 7 for good reasons, many companies and US federal and state agencies might not be able to do anything about it, barring a serious financial investment in modernizing IT infrastructure from upper management, something that's not expected anytime soon in many locations. In these cases, the FBI recommends a series of basic security best practices as an interim way to mitigate threats, such as:

  • Use multi-factor authentication;

  • Use strong passwords to protect Remote Desktop Protocol (RDP) credentials;

  • Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure;

  • Audit network configurations and isolate computer systems that cannot be updated;

  • Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts;

  • Audit logs for all remote connection protocols;

  • Train users to identify and report attempts at social engineering;

  • Identify and suspend access of users exhibiting unusual activity;

  • Keep software updated.
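As an added example (not from the FBI PIN or this newsletter), the following PowerShell audit checks a single Windows host against several of the recommendations above: an unsupported OS version, whether RDP is enabled and protected by Network Level Authentication, enabled inbound RDP firewall rules, the presence of a TeamViewer service (its service name is assumed to start with "TeamViewer"), and failed RDP logon attempts recorded in the Security log over the last seven days. It assumes an elevated session and that logon failure auditing is on, which is the Windows default.

```powershell
# Added audit example (not from the FBI alert or this newsletter).
# Run in an elevated PowerShell session; reading the Security log needs admin rights.

function Get-RemoteAccessFindings {
    param([int]$Days = 7)
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Unsupported OS: anything below 10.0 (Windows 7 is 6.1, end of life 14 Jan 2020).
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    if ([version]$os.Version -lt [version]'10.0') {
        $findings.Add("Unsupported OS: $($os.Caption) (version $($os.Version))")
    }

    # 2. RDP enabled? fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpEnabled = ($ts.fDenyTSConnections -eq 0)
    if ($rdpEnabled) { $findings.Add('RDP is enabled on this host') }

    # 3. NLA: UserAuthentication = 1 forces authentication before the logon screen is shown.
    $rdpTcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    if ($rdpEnabled -and $rdpTcp.UserAuthentication -ne 1) {
        $findings.Add('RDP is enabled without Network Level Authentication')
    }

    # 4. Enabled inbound rules in the "Remote Desktop" firewall group (the NetSecurity
    #    module is not available on Windows 7, so errors are tolerated here).
    $rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue
    if ($rdpRules) {
        $names = ($rdpRules.DisplayName | Select-Object -Unique) -join ', '
        $findings.Add("Inbound RDP firewall rules enabled: $names")
    }

    # 5. TeamViewer service present? (assumed service name prefix)
    $tv = Get-Service -Name 'TeamViewer*' -ErrorAction SilentlyContinue
    if ($tv) {
        $findings.Add("TeamViewer service found: $($tv.Name -join ', ') [$($tv.Status -join ', ')]")
    }

    # 6. Failed RDP logons: Security event 4625 with LogonType 10 (RemoteInteractive).
    #    The event XML is parsed by field name rather than by positional index.
    $since = (Get-Date).AddDays(-$Days)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue
    $rdpFailures = foreach ($e in $events) {
        $data = ([xml]$e.ToXml()).Event.EventData.Data
        $logonType = ($data | Where-Object Name -eq 'LogonType').'#text'
        if ($logonType -eq '10') {
            [pscustomobject]@{
                Time    = $e.TimeCreated
                User    = ($data | Where-Object Name -eq 'TargetUserName').'#text'
                Source  = ($data | Where-Object Name -eq 'IpAddress').'#text'
            }
        }
    }
    if ($rdpFailures) {
        $top = $rdpFailures | Group-Object Source | Sort-Object Count -Descending | Select-Object -First 1
        $findings.Add("Failed RDP logons in last $Days days: $(@($rdpFailures).Count); most active source: $($top.Name) ($($top.Count) attempts)")
    }

    return $findings
}

$result = Get-RemoteAccessFindings
if ($result.Count -eq 0) { 'No findings' } else { $result }
```

Each finding maps to one item in the FBI list (update the OS, audit RDP exposure and logging, isolate what cannot be patched), so the output can be fed straight into a remediation ticket.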


Microsoft warns: You've only got six months to move from Skype for Business Online to Teams

Microsoft announced the Skype for Business Online deadline on July 30, 2019, giving customers two years to move to Teams. The alert from the Redmond company is a reminder that Skype for Business Online retires in six months' time. Microsoft acknowledges that customers are at varying points of their migration to Teams and that the COVID-19 pandemic may have caused delays to migration, but it isn't extending the deadline beyond July 31, 2021. "Regardless of where you are on the journey from Skype for Business to Teams, this is an important checkpoint to make sure your organization is on track to upgrade to Teams before Skype for Business Online retires and access to the service ends," the Microsoft Teams team said in a blogpost. "Some organizations may not be far along in the Teams upgrade planning process. It's understandable as the events of the past year have impacted strategies, priorities, and resources for so many. Don't worry, you still have time," the team added. Microsoft notes that numerous customers have upgraded from Skype for Business Online, hybrid deployments or Skype for Business Server to Teams "in a matter of months." It also provides links in the blog to resources to help customers migrate to Teams. Microsoft claimed in 2018 that Teams had reached "feature parity" with Skype for Business Online. Since then, Microsoft has worked to improve calling features and has doubled down on new video-meeting and collaboration features throughout the COVID-19 pandemic as much of the world's workforce moved to remote working. Usage of Teams has grown rapidly during the pandemic. In 2019, 500,000 organizations were using Teams worldwide. In October 2020, Microsoft said Teams had more than 115 million daily active users, up from 75 million daily active users in April. Some Skype for Business Online customers will be eligible for automated upgrades to Microsoft Teams, the company said.
"This program was designed to assist customers with the technical elements of upgrading a Skype for Business Online tenant to Teams Only," notes Microsoft. "Customers scheduled for automated upgrades will receive notifications in both the Teams admin center, as well as the Microsoft 365 Message Center, at least three months before their upgrade date to allow time for technical and user readiness."


Microsoft: Here's how we fix bad spelling in 100 languages to get you the right search results

Microsoft has explained how it is using a variety of technologies and techniques to fix bad spellings that would otherwise cause queries to its Bing search engine to deliver the wrong results. The software giant is getting back to basics in its latest push by focussing on spelling errors when people search online. It reckons that 15% of queries are misspelled and, when they are, search engines can deliver bad answers. So, Microsoft has figured out that it needs to automatically fix users' poor spelling in order to improve the Bing experience. "Spelling correction is the very first component in the Bing search stack because searching for the correct spelling of what users mean improves all downstream search components," Microsoft notes. Microsoft has had "high-quality spelling correction" for about two dozen languages for a while, but is now expanding Bing spelling correction to cater for over 100 languages. "In order to make Bing more inclusive, we set out to expand our current spelling correction service to 100-plus languages, setting the same high bar for quality that we set for the original two dozen languages. We've found we need a very large number of data points to train a high-quality spelling correction model for each language, and sourcing data in over 100 languages would be incredibly difficult logistically – not to mention costly in both time and money," it says. This rapid increase in languages covered was enabled by Microsoft researchers leveraging recent advances in AI, including zero-shot learning combined with carefully designed large-scale pre-training tasks, plus historical linguistics theories. Its engineers acknowledge the benefits of using web documents for language models, but they call out the approach's shortcomings for minority languages. "For precise and high-performing error models, search engines have largely leveraged user feedback on autocorrection recourse links.
This practice has been very effective, especially for languages where user feedback data has been gathered on a large scale. For a language with very little web presence and user feedback, it's challenging to gather an adequate amount of training data." Microsoft's Speller100 tool is focussed on rarer languages by targeting language families that share characteristics. "Imagine someone had taught you how to spell in English and you automatically learned to also spell in German, Dutch, Afrikaans, Scots, and Luxembourgish. That is what zero-shot learning enables, and it is a key component in Speller100 that allows us to expand to languages with very little to no data." After conducting Bing online A/B testing using the new tool, Microsoft said the number of pages with no results reduced by up to 30%, the number of times users had to manually reformulate their query reduced by 5%, and the number of times users clicked on any item on the page went from single digits to 70%.


Researchers want Australia's digital ID system thrown out and redesigned from scratch

Researchers have recommended the Australian Government abandon its existing digital identity system and start again from scratch, again highlighting security flaws in two of the systems already accredited. Professor Vanessa Teague and Ben Frengley last year disclosed to the Australian Taxation Office (ATO) a weakness in its myGovID system. They found myGovID is subject to an easily implemented code proxying attack, which allows a malicious website to proxy a person's myGovID login and re-use their authentication to log in to the victim's account on any website of their choice. The pair said the ATO, in response, informed them that it had no intention of fixing the flaw. The Digital Transformation Agency (DTA) is responsible for the Trusted Digital Identity Framework (TDIF), which is a high-level design for a federated authentication system. "The primary security goal of an authentication mechanism is to prevent malicious parties from logging in fraudulently to others' accounts. A secondary security goal is to maintain the privacy of the identity proof documents and biometric data used to establish identity," the researchers wrote. "Neither the TDIF's high-level design, nor its implementation by the ATO (myGovID) meet their intended security goals." myGovID is an accredited digital ID provider, as is Australia Post's equivalent identity service. Teague and Frengley have identified flaws in the postal service's system, too. The Identity Exchange (IdX), the researchers said, acts as a single point of failure for both privacy and authentication, resulting in an "extremely brittle architecture that would allow for large-scale identity fraud if that one component came under the control of a malicious party". They said the IdX is intended to hide the identity of the relying party from the identity provider, but fails to do this in the ATO's implementation.
Of concern to both is that the implementation of the TDIF in Australia Post's Digital iD does not even appear to use an IdX at all, which is the fundamental component of the TDIF's design. "Although we have not examined Australia Post's implementation in detail, it seems to diverge substantially from the TDIF specification, but has apparently been accredited anyway," they added. "The TDIF as currently designed and implemented does not meet its own guiding principles -- it is not immediately obvious that a brokered model without technical means to preserve privacy even can meet them." As a result, the researchers have recommended a "careful re-evaluation of the priorities of the TDIF", and consideration of other options which may meet its goals. Alternatives the pair have offered up include the use of a public key infrastructure-based system or the use of a simple, standard, pairwise OpenID Connect protocol instead of a "complex brokered model with poor privacy and security properties". "The system should be abandoned and redesigned from scratch by people with some understanding of secure protocol design and some concern for protecting their fellow citizens from identity theft," they wrote. "Legislating to make it secure by fiat will not stop organised crime, foreign governments, or ordinary criminals, from taking advantages of its design flaws. A public key infrastructure is much more likely to succeed." The researchers were also concerned with a paragraph in the DTA's consultation paper that states the resulting digital ID legislation will include additional mechanisms, including penalties for protecting information used in the system, such as biometric information. These mechanisms could include criminal offence provisions and civil penalty provisions.
"There are numerous Australian laws that do effectively penalise protecting information, but this is the first time we have seen the objective stated explicitly without invoking terrorists or paedophiles," Teague and Frengley wrote. "We hope this is a typo, and strongly suggest penalising the inappropriate sharing or negligent leaking of information instead. It is important not to criminalise security research aimed at improving the system's security by openly examining its (numerous, serious) weaknesses."


Amazon wants you to have an erotic relationship with Alexa – In case you missed it.

While you're nibbling your tortilla chips on Sunday, Amazon will be wanting you to expand your nibbling possibilities. That's the only thing one can conclude from the company's latest attempt to create intimacy between you and its intrusive artificial intelligence. The company has just released its Super Bowl ad that so bathes in steaminess that some might find it unseemly. Why, it even includes the line: "Things are getting way too wet around here." We begin with a woman claiming the Amazon Echo is "flawless." She waxes that she couldn't imagine anything more beautiful.

And then she remembers Michael B. Jordan. The "Creed" and "Black Panther" actor isn't quite my idea of infinite pulchritude. Yet we're here faced with our woman fantasizing that Alexa is actually embodied in him, rather than, say, Amazon's innate creepiness. The woman whispers to Alexa/Jordan in come-hither tones. Her real-life lover wonders what's come over her. We've already seen Joaquin Phoenix fall in love with the artificially intelligent voice of Scarlett Johansson in "Her." Here, though, is Amazon's insistence that you should just as easily fall in love with a cheap little gadget that may or may not be spying on you. And may or may not be rather more insecure than Amazon would prefer you to know. In any case, don't you want your relationship with your smart speaker to be stable, with the potential of a long-term commitment? Being with a Hollywood actor can't often engender the idea that this could be forever. There are too many temptations along the way. For the actor, that is. Then again, perhaps this is a perfect analogy. After all, smart speakers are renowned for letting you down, not hearing what you're actually saying and even doing things without telling you. All facets of some Hollywood actors I can think of. Still, when you're stuck at home with only the same old humans and animals for company all day, perhaps the only thing you can do is fantasize about your smart speaker. I just asked Siri whether Michael B. Jordan is cute. She replied: "I don't personally know Michael B. Jordan, so I couldn't say." You see, what you see on screen is merely a fantasy. Just like the fantasy of Alexa being your lover. But this is all merely trying to get you to buy into Alexa's world, isn't it? Laughter works.
It does, yet here are some words from Morning Consult's latest Super Bowl ad research: "In general, ads reflecting our current reality -- people wearing masks, practicing social distancing or even on video calls -- would be significantly more likely to drive purchase likelihood than particularly non-compliant or unrealistic visuals including people not wearing masks." There's quite a lot of unrealism in this ad. Not much social distancing, either.


THREAT FOCUS

Risk scores for This Past Week are calculated using a formula that considers a wide range of factors related to the assessed breach.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

THREAT FOCUS: United States – USCellular

https://www.techtimes.com/articles/256503/20210129/uscellular-data-breach-hackers-gained-access-users-personal-pin-code.htm

Exploit: Credential Compromise

US Cellular: Mobile Phone Company

Risk to Business: 1.379 = Extreme

USCellular, the fourth largest mobile network in the US, has suffered a data breach after a successful malware attack. Hackers used malicious code disguised as a routine software update to gain access to systems including its Customer Relationship Management (CRM) system and client records. This is not USCellular's first time at this rodeo; the company has had consistent information security problems.

Individual Risk: 1.321 = Extreme

USCellular advised customers that their account records, including name, address, PIN code and cellular telephone number(s), as well as information about the customer's wireless services, including service plan, usage and billing statements, might have been compromised. However, data such as social security numbers and credit card information remained inaccessible to the hackers. Clients should be wary of spear phishing, business email compromise and identity theft using this information.

Customers Impacted: 4.9 million

How it Could Affect Your Business: Data like this is sought-after by cybercriminals to power phishing operations. Unfortunately for these folks, it often hangs around for years on the Dark Web, acting as fuel for future cybercrime.

Avantia Cyber Security & ID Agent to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. Call +61 7 30109711


THREAT FOCUS: United States – DSC Logistics

https://www.freightwaves.com/news/ransomware-attack-targets-major-us-logistics-firm-dsc

Exploit: Ransomware

DSC Logistics: Shipping and Freight

Risk to Business: 1.775 = Severe

DSC Logistics received an unwelcome delivery of Egregor ransomware. The attack was announced on the gang's ransomware site. The company noted that it was able to continue operations without incident. DSC has called in outside experts to investigate, and declined to comment on whether any data was stolen.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware has been a plague on every industry, but freight and logistics companies have been hit especially hard in recent months.

Avantia Cyber Security & ID Agent to the Rescue: Everyone needs to understand the seriousness of today’s threats. Our Security Awareness Champion’s Guide makes understanding cyber threats easy and fun. Call +61 7 30109711 for more info.


THREAT FOCUS: United States – Nissan North America

https://www.industryweek.com/technology-and-iiot/article/21151660/data-leak-hits-nissan-north-america

Exploit: Misconfiguration

Nissan North America: Automotive Manufacturer

Risk to Business: 2.779 = Moderate

Nissan North America recently suffered a data breach that resulted in source code for its mobile apps and internal tools turning up online. The data leak is reportedly the result of a misconfigured Git server. The source code is reported by a security researcher to pertain to Nissan NA Mobile apps, some parts of the Nissan ASIST diagnostics tool, the Dealer Business Systems and Dealer Portal, Nissan's internal core mobile library, Nissan/Infiniti NCAR/ICAR services, client acquisition and retention tools, sales and market research tools and data, various marketing tools, the vehicle logistics portal and vehicle connected services.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Keeping data safe from hackers starts with keeping data secure by using strong identity and access management tools across the board and basic security protocols like multifactor authentication.

Avantia Cyber Security & ID Agent to the Rescue: Passly provides the toolkit that businesses need to keep cybercriminals locked out of data and systems including multifactor authentication and secure shared password vaults. For more information call Avantia on +61 7 30109711


THREAT FOCUS: United Kingdom – UK Research and Innovation (UKRI)

https://www.bleepingcomputer.com/news/security/uk-research-and-innovation-ukri-suffers-ransomware-attack/

Exploit: Ransomware

UKRI: Scientific Research Agency


Risk to Business: 1.411 = Severe

The UK Research and Innovation (UKRI) agency is now researching a ransomware incident that encrypted data and impacted its proprietary services. The impacted services include a service offering information to subscribers and the platform for peer review of various parts of the agency. The agency has not yet disclosed whether data was stolen or any other impact, and the incident is under investigation. UKRI is a public body of the Government of the United Kingdom, tasked with investing in science and research, and its generous budget may have made it an attractive target for ransomware.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a huge risk for every business, and it’s essential that everyone in your team is on board to spot and stop ransomware attacks.

ID Agent to the Rescue: Go back to school to learn why ransomware has become such a prevalent threat in today's landscape and how to stop it in our ebook Ransomware 101.


THREAT FOCUS: United Kingdom - Mensa

https://www.forbes.com/sites/barrycollins/2021/01/30/britains-smartest-peoplemensafail-to-secure-passwords-properly/?sh=25d023bf43f5

Exploit: Password Compromise

Mensa: Intellectual Club

Risk to Business: 1.827 = Severe

Mensa UK experienced a hack on its website that has resulted in the theft of members' personal data. The organization had reportedly failed to secure the data of its 18,000 members properly. The stored passwords of Mensa members who accessed the site were not hashed or encrypted in any way, with some sent and stored in plain text, making it a snap for hackers to gain entry. The hackers were able to access and use a Director's password to extract an indeterminate amount of information, including personal details of members and private conversations conducted on the platform.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: 21,000

How it Could Affect Your Business: Password compromise is a constant menace for companies that don't use contemporary safeguards like multifactor authentication, and all the more so for those that handle passwords in plain text.

Avantia Cyber Security & ID Agent to the Rescue: Get affordable, state-of-the-art protection from password-based cyberattacks with secure identity and access management from Passly. Contact Avantia at info@avantiacorp.com.au for more info.


THREAT FOCUS: Austria – Palfinger

https://www.bleepingcomputer.com/news/security/leading-crane-maker-palfinger-hit-in-global-cyberattack/

Exploit: Ransomware

Palfinger: Crane Manufacturer

Risk to Business: 2.006 = Severe

Crane manufacturer Palfinger has been targeted in an ongoing cyberattack that has disrupted IT systems and business operations. The company notes that its enterprise resource systems and many online or digital functions are unavailable to customers. No information is available on the kind of ransomware involved or an expected date for service restoration.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is almost always the result of a phishing attack, and it’s been a constant danger for healthcare organizations around the world as the global pandemic continues.

Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID makes training a breeze for both employees and trainers, helping reduce the chance of a ransomware attack succeeding. Call +61 7 30109711 for more info.


THREAT FOCUS: Hong Kong – Dairy Farm

https://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/

Exploit: Ransomware

Dairy Farm: Retail Conglomerate

Risk to Business: 1.616 = Severe

Enormous Pan-Asian retailer Dairy Farm is the latest victim of REvil ransomware. The attackers claim to have demanded a $30 million ransom. As proof, REvil has released images of the company’s Active Directory Users and Computers MMC. The attackers claim to still be in control of the company’s computer systems, including full control over Dairy Farm’s corporate email, which they state will be used for phishing attacks.

Individual Risk: No personal or business data has been confirmed as stolen in this incident, which is still under investigation.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice of most of today's cybercriminals, and it can strike any business of any size, from corner stores to retail giants.

ID Agent to the Rescue: BullPhish ID is newly upgraded and updated with customizable campaign materials and white labeling capability to take your training experience to the next level. Contact Avantia at info@avantiacorp.com.au for more info.

________________________________________________________________________


POSTSCRIPT:

Major Ransomware Gangs Get Crushed but Risk Keeps Climbing

On the heels of a surge in cybercrime, especially ransomware, officials around the world have taken steps to shut down cybercrime gangs and destroy their networks. While several major cybercrime purveyors have been recently impacted in those operations, ransomware is still chugging along as an extremely dangerous and growing cybercrime sector.

It’s no wonder that ransomware is the preferred weapon of cyber criminals worldwide. More than 50% of businesses have been impacted in some way by ransomware in the last 12 months. Ransomware is at the root of 50% of data breaches in the healthcare sector alone. It’s also a tremendous player in other industries, with the rest of the top 5 being Manufacturing, Government, Retail and Construction.


Hitting Them Hard and Fast Works

Government officials around the world have been acting for years to crack down on ransomware gangs and the technology that services them, but they've really stepped up their efforts in the last 6 months. A massive US-based operation in November 2020 dealt a strong blow to TrickBot in the run-up to the US elections after fears of nation-state interference heightened public concern, and other operations occur daily to make things harder for cybercriminals.

One recent success in the fight against ransomware was the takedown of the Emotet botnet and the crippling of the NetWalker ransomware gang. Officials in the US, Canada, UK, and EU worked together on a well-timed series of criminal arrests and hardware seizures. A Canadian national has been detained in connection with the NetWalker attacks and more than $450K in cryptocurrency was seized. Bulgarian authorities also seized resources, including hardware, that NetWalker attackers used to facilitate their crimes. The RCMP, FBI and EU authorities took the legs out from under the legendary Emotet botnet as part of a concurrent operation. Canadian officials seized or disabled 13 of the 50 command and control servers behind Emotet, and officials in The Netherlands disabled or seized the technology powering its European operations center. Dutch authorities are planning to release an update through captured Emotet servers on March 25 designed to erase any malware delivered through the botnet.

_________________________________________________________________________


DISCLAIMER* Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.